package org.example.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
* @description:
* @author 杨镇宇
* @date 2024/9/6 11:32
* @version 1.0
*/
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                .antMatchers("/admin/assets/**").permitAll() // 允许静态资源
                .antMatchers("/admin/login").permitAll()     // 允许登录页面
                .antMatchers("/eureka/**").permitAll()       // 允许所有用户访问 /eureka
                .anyRequest().authenticated()                // 其他请求需要认证
                .and()
                .formLogin()
                .loginPage("/admin/login")
                .and()
                .logout()
                .logoutUrl("/admin/logout")
                .permitAll()
                .and()
                .httpBasic()
                .and()
                .csrf()
                .ignoringAntMatchers("/admin/logout", "/eureka/**"); // 忽略特定路径的 CSRF 保护
    }

}